Advertisement

Advertisement

Spyware floods PCs from a single web page

By Will Knight

Visiting the wrong website can lead to an infestation of unwanted web advertising and monitoring programs, a new study reveals. And these intruders may make their way on to a hard drive by harnessing techniques used by hackers.

Ben Edelman, a researcher at Harvard University in Massachusetts, US, visited a website known to install “spyware” – monitoring programs which covertly install themselves onto a computer. He used a PC with a fresh installation of the Windows XP operating system and no software updates.

He discovered that 16 different programs quickly installed onto his PC without his consent. “My test PC was brought to a virtual stand-still,” Edelman writes in his report, published on 24 November. And the unwelcome programs all used the same software bug to worm their way onto the computer.

This is an illicit approach more commonly employed by computer hackers and virus writers to gain unauthorised access to a computer. The practice of using a software bug to access a machine is also illegal under US and European law.

Advertisement

“I was not shown licences or other installation prompts for any of these programs, and I certainly didn’t consent to their installation on my PC,” he says.

Pornographic icons

The website Edelman visited was one known to carry spyware. To get people to visit, the site’s authors normally post bogus links offering enticing content, such as free MP3 files. But a recent approach has involved using a web browser flaw to automatically load the content of the page via other types of site – like web discussion boards.

Edelman told New Scientist that several different types of spyware were installed. These include programs that generated advertising browser popup windows and redirected a browser to different sites and search engines.

Others added new icons to the PC’s desktop, including links to pornographic sites and one program attempted to make the PC dial a premium-rate phone number.

Scourge of the internet

Edelman estimates the companies behind these spyware programs stand to make a little over a dollar for such an infestation. “But clearly it’s going to take more than a dollar of your time to clean it up,” he adds.

Spyware has rapidly grown into one of the main scourges of the internet. It may come bundled with other software, particularly free programs, and can be extremely difficult to remove.

In March 2004, computer scientists at the University of Washington in Seattle, US, analysed network traffic passing across the university network watching for network packets associated with particular spyware applications.

The researchers concluded that as many as one in every 20 computers is already infected with some form of spyware.